Souci antispyware

ComboFix 08-05-25.5 - Propriétaire 2008-05-26 22:19:54.3 - NTFSx86
Endroit: G:\Downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\Propriétaire\Mes documents\CFScript.txt

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\system32\cxvuawrj.dll
C:\WINDOWS\system32\efcDustr.dll
C:\WINDOWS\system32\jctfswlm.dll
C:\WINDOWS\system32\qywdrkxo.dll
C:\WINDOWS\system32\snbmwiir.dll
C:\WINDOWS\system32\ttpxxueo.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM036b3e8d.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cxvuawrj.dll
C:\WINDOWS\system32\efcDustr.dll
C:\WINDOWS\system32\exnyyssf.exe
C:\WINDOWS\system32\jctfswlm.dll
C:\WINDOWS\system32\jPAJlnpo.ini
C:\WINDOWS\system32\jPAJlnpo.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\opnlJAPj.dll
C:\WINDOWS\system32\qywdrkxo.dll
C:\WINDOWS\system32\snbmwiir.dll
C:\WINDOWS\system32\ttpxxueo.dll
C:\WINDOWS\system32\upbgolhc.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-26 to 2008-05-26 ))))))))))))))))))))))))))))))))))))
.

2008-05-26 21:27 . 2008-05-26 21:27 116,736 --a------ C:\WINDOWS\system32\chlogbpu.dll
2008-05-26 21:21 . 2008-05-26 21:21 124,928 --a------ C:\WINDOWS\system32\hkmukcwp.dll
2008-05-26 21:08 . 2008-05-26 21:23 354 ---hs---- C:\WINDOWS\system32\oeuxxptt.ini
2008-05-18 12:51 . 2008-05-18 12:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-18 12:51 . 2008-05-18 12:51 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 20:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-26 18:31 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-26 02:56 --------- d-----w C:\Program Files\eMule
2008-04-20 21:45 --------- d-----w C:\Program Files\TVAnts
2008-04-20 21:43 --------- d-----w C:\Program Files\SopCast
2008-04-19 11:16 --------- d-----w C:\Program Files\FlashGet
2008-04-17 21:00 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-17 11:27 --------- d-----w C:\Program Files\NeroInstall.bak
2008-04-17 11:19 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-04-17 11:14 --------- d-----w C:\Program Files\Nero
2008-04-17 11:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-04-17 11:03 --------- d-----w C:\Program Files\ahead
2008-04-17 09:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-04-07 17:52 --------- d-----w C:\Program Files\AliveMedia
2008-04-02 17:22 --------- d-----w C:\Program Files\DivX
2008-04-02 17:09 --------- d-----w C:\Program Files\RecordNow
2008-04-02 17:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-26 18:08 --------- d-----w C:\Program Files\QuickTime
2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2005-05-13 16:12 217,073 -csha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13 66,560 -csha-r C:\WINDOWS\MOTA113.exe
2005-10-13 20:27 422,400 -csha-r C:\WINDOWS\x2.64.exe
2004-06-22 19:01 32 --sha-w C:\WINDOWS\{30E27BE1-E96B-4CF4-9C1D-9D57D6FACD33}.dat
2004-07-19 11:13 56 -csh--r C:\WINDOWS\system32\A392A3D701.sys
2005-10-07 18:14 308,224 -csha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 10:31 27,648 -csha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 13:32 616,448 -csha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 20:37 45,568 -csha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 23:00 70,656 -csha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 08:24 2,945,024 -csha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 11:16 240,128 -csha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
2004-06-22 19:01 32 --sha-w C:\WINDOWS\system32\{41D3EBEC-A381-4698-859E-8FE810443017}.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-24 11:59 68856]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53 73840]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 20:40 143360]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42 212992]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 20:28 81920]
"nwiz"="nwiz.exe" [2003-07-28 14:19 323584 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2003-07-28 14:19 49152]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 14:19 4841472]
"KYE_Showicon"="C:\Program Files\USB Storage RW\shwicon.exe" [2002-10-25 16:33 69632]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 21:56 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 22:30 188416]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-09-09 08:05 114688]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53 73840]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-07-03 21:47 98304]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-12-20 16:35 95960]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"ccRegVfy"="C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" [2003-07-15 14:42 60344]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2003-07-15 14:36 54512]
"adiras"="adiras.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"00580d11"="C:\WINDOWS\system32\chlogbpu.dll" [2008-05-26 21:27 116736]
"BM036b3e8d"="C:\WINDOWS\system32\hkmukcwp.dll" [2008-05-26 21:21 124928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-19 16:07 54888]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDustr]
efcDustr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"VIDC.JPEG"= JpegCode.dll
"VIDC.MJPG"= JpegCode.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON-9Online.LNK]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON-9Online.LNK
backup=C:\WINDOWS\pss\DSLMON-9Online.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 11:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Fichiers communs\\Synacast\\SynaLive\\PE.exe"=
"G:\\Mes Documents 2\\logiciels\\utorrent.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8285:TCP"= 8285:TCP:*:Disabled:ppLive
"3890:UDP"= 3890:UDP:*:Disabled:ppLive
"9420:TCP"= 9420:TCP:RSP
"4262:TCP"= 4262:TCP:*:Disabled:ppLive
"8726:UDP"= 8726:UDP:*:Disabled:ppLive

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 09:08]
S3 packet_2.1;Packet Driver v2.1;C:\WINDOWS\system32\drivers\packet.sys [2000-10-24 16:26]
S3 PentaxUsb;Pentax Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-03-17 06:59]
S3 PentaxVc;Pentax Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2004-03-17 07:00]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys []

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-26 20:39:06 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 22:33:14
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


C:\WINDOWS\system32\upbgolhc.ini 294 bytes

Scan termin‚ avec succŠs
Les fichiers cach‚s: 1

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\chlogbpu.dll
-> C:\WINDOWS\system32\hkmukcwp.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\Mes Documents 2\logiciels\utorrent.exe
G:\Downloads\basic\setup.exe
C:\Program Files\Messenger\msmsgs.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-26 22:56:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-26 20:53:15
ComboFix2.txt 2008-05-26 19:24:07
ComboFix3.txt 2008-03-02 11:55:13

Pre-Run: 3,993,104,384 octets libres
Post-Run: 3,919,601,664 octets libres

215 --- E O F --- 2008-05-16 19:59:15

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:07:00, on 26/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\USB Storage RW\shwicon.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\Mes Documents 2\logiciels\utorrent.exe
G:\Downloads\basic\setup.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\HijackThis\Azerty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [00580d11] rundll32.exe "C:\WINDOWS\system32\chlogbpu.dll",b
O4 - HKLM\..\Run: [BM036b3e8d] Rundll32.exe "C:\WINDOWS\system32\hkmukcwp.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: &Télécharger avec NetTransport - G:\Program Files\NetTransport\NTAddLink.html
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - G:\Program Files\NetTransport\NTAddList.html
O8 - Extra context menu item: Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.yeak.net
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (MovieSystem WAY) - http://servicesv4.moviesystem.com/cabs/msway.cab
O20 - Winlogon Notify: efcDustr - efcDustr.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

ok. je suis en train d'installer antivir. je posterai un rapport demain midi.
merci de ton aide.

C:\QooBox\Quarantine\C\WINDOWS\system\smss.exe.vir
[DETECTION] Is the Trojan horse TR/Proxy.Horst.Gen
[NOTE] The file was moved to '48aea74a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\cxvuawrj.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48b1a756.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJDttqn.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4885a74b.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\nvsvcd.exe.vir
[DETECTION] Is the Trojan horse TR/Proxy.Horst.Gen
[NOTE] The file was moved to '48aea756.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\qywdrkxo.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48b2a75a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\snbmwiir.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '489da74f.qua'!
C:\SDFix\backups\backups.zip
[0] Archive type: ZIP
--> backups/TFTP3640
[DETECTION] Contains detection pattern of the worm WORM/Rbot.N
[NOTE] The file was moved to '489ea747.qua'!
C:\System Volume Information\_restore{3BC31158-8839-4D06-949D-B691773A7526}\RP1366\A0479777.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '486fa723.qua'!
C:\System Volume Information\_restore{3BC31158-8839-4D06-949D-B691773A7526}\RP1369\A0479849.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486fa72a.qua'!
C:\System Volume Information\_restore{3BC31158-8839-4D06-949D-B691773A7526}\RP1369\A0479852.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49f0b7bb.qua'!
C:\System Volume Information\_restore{3BC31158-8839-4D06-949D-B691773A7526}\RP1369\A0479853.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486fa72b.qua'!
C:\System Volume Information\_restore{3BC31158-8839-4D06-949D-B691773A7526}\RP1371\A0479919.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{3BC31158-8839-4D06-949D-B691773A7526}\RP1371\A0479919.exe
[DETECTION] Contains detection pattern of the worm WORM/Rbot.MK
[NOTE] The file was moved to '486fa730.qua'!
C:\WINDOWS\system32\hkmukcwp.VIR
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
Begin scan in 'D:\' <PRESARIO_RP>
Begin scan in 'G:\' <Thomas>
G:\Mes Documents 2\préparé\urzi42tw.jpg
[DETECTION] Is the Trojan horse TR/Spy.Banker.vk.1
[NOTE] The file was moved to '48b5edfb.qua'!
G:\Mes Documents 2\préparé\XC_Fassi3.jpg
[DETECTION] Is the Trojan horse TR/Spy.Banker.vk.1
[NOTE] The file was moved to '489aede3.qua'!


End of the scan: mardi 27 mai 2008 13:28
Used time: 5:42:28 min

The scan has been done completely.

6978 Scanning directories
411688 Files were scanned
15 viruses and/or unwanted programs were found
7 Files were classified as suspicious:
0 files were deleted
0 files were repaired
21 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
411673 Files not concerned
18440 Archives were scanned
3 Warnings
21 Notes

j'obtiens le meme résultat!

Re
Ce que je ne comprend pas, c'est que depuis ton rapport Hijack du 26 à 23h, normalement,
tu as simplement installé Antivir et effectué un scan.

Pourquoi ton rapport du 28 à 22h est-il si court ?
Et en plus sans entête Hijack :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:07:00, on 26/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

As tu essayé autre chose entre temps ?

A+

C'est quoi ce canular !
On commence en XP SP2 et on en est à VISTA SP1 maintenant !!!!!!!!!!!!

Il faudrait des explications.
A+